xref: /openbmc/qemu/include/crypto/tlscredsx509.h (revision 32e70aad)
1 /*
2  * QEMU crypto TLS x509 credential support
3  *
4  * Copyright (c) 2015 Red Hat, Inc.
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18  *
19  */
20 
21 #ifndef QCRYPTO_TLSCREDSX509_H
22 #define QCRYPTO_TLSCREDSX509_H
23 
24 #include "crypto/tlscreds.h"
25 
26 #define TYPE_QCRYPTO_TLS_CREDS_X509 "tls-creds-x509"
27 #define QCRYPTO_TLS_CREDS_X509(obj)                  \
28     OBJECT_CHECK(QCryptoTLSCredsX509, (obj), TYPE_QCRYPTO_TLS_CREDS_X509)
29 
30 typedef struct QCryptoTLSCredsX509 QCryptoTLSCredsX509;
31 typedef struct QCryptoTLSCredsX509Class QCryptoTLSCredsX509Class;
32 
33 #define QCRYPTO_TLS_CREDS_X509_CA_CERT "ca-cert.pem"
34 #define QCRYPTO_TLS_CREDS_X509_CA_CRL "ca-crl.pem"
35 #define QCRYPTO_TLS_CREDS_X509_SERVER_KEY "server-key.pem"
36 #define QCRYPTO_TLS_CREDS_X509_SERVER_CERT "server-cert.pem"
37 #define QCRYPTO_TLS_CREDS_X509_CLIENT_KEY "client-key.pem"
38 #define QCRYPTO_TLS_CREDS_X509_CLIENT_CERT "client-cert.pem"
39 
40 
41 /**
42  * QCryptoTLSCredsX509:
43  *
44  * The QCryptoTLSCredsX509 object provides a representation
45  * of x509 credentials used to perform a TLS handshake.
46  *
47  * This is a user creatable object, which can be instantiated
48  * via object_new_propv():
49  *
50  * <example>
51  *   <title>Creating x509 TLS credential objects in code</title>
52  *   <programlisting>
53  *   Object *obj;
54  *   Error *err = NULL;
55  *   obj = object_new_propv(TYPE_QCRYPTO_TLS_CREDS_X509,
56  *                          "tlscreds0",
57  *                          &err,
58  *                          "endpoint", "server",
59  *                          "dir", "/path/x509/cert/dir",
60  *                          "verify-peer", "yes",
61  *                          NULL);
62  *   </programlisting>
63  * </example>
64  *
65  * Or via QMP:
66  *
67  * <example>
68  *   <title>Creating x509 TLS credential objects via QMP</title>
69  *   <programlisting>
70  *    {
71  *       "execute": "object-add", "arguments": {
72  *          "id": "tlscreds0",
73  *          "qom-type": "tls-creds-x509",
74  *          "props": {
75  *             "endpoint": "server",
76  *             "dir": "/path/to/x509/cert/dir",
77  *             "verify-peer": false
78  *          }
79  *       }
80  *    }
81  *   </programlisting>
82  * </example>
83  *
84  *
85  * Or via the CLI:
86  *
87  * <example>
88  *   <title>Creating x509 TLS credential objects via CLI</title>
89  *   <programlisting>
90  *  qemu-system-x86_64 -object tls-creds-x509,id=tlscreds0,\
91  *          endpoint=server,verify-peer=off,\
92  *          dir=/path/to/x509/certdir/
93  *   </programlisting>
94  * </example>
95  *
96  */
97 
98 struct QCryptoTLSCredsX509 {
99     QCryptoTLSCreds parent_obj;
100 #ifdef CONFIG_GNUTLS
101     gnutls_certificate_credentials_t data;
102 #endif
103     bool sanityCheck;
104     char *passwordid;
105 };
106 
107 
108 struct QCryptoTLSCredsX509Class {
109     QCryptoTLSCredsClass parent_class;
110 };
111 
112 
113 #endif /* QCRYPTO_TLSCREDSX509_H */
114